While running this scanner, I found two potential workarounds for accessing infected files:
If too many objects are uploaded and you reach the concurrent Lambda limit, then files will not be tagged and are therefore accessible. This can be fixed by changing the bucket policy to have this condition (for example):

    "Condition": {
        "StringNotEquals": {
            "s3:ExistingObjectTag/scan-status": "CLEAN"
        }
    }

Also, infected files can be accessed by changing the tags on the object itself. It might be a good idea to restrict tag permissions on infected files to the root user.
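
Added example (not part of the original issue or the scanner project's code): a small Python model of how IAM evaluates the `s3:ExistingObjectTag/scan-status` condition, comparing the condition proposed above with a deny-only-when-`INFECTED` statement, which is assumed here as the starting point. The bucket ARN is a placeholder, an Allow for `s3:GetObject` is assumed to exist elsewhere, and the tag key is assumed to be absent from the request context for an untagged object.

```python
import json

# Constructed statements for illustration; the bucket ARN is a placeholder.
RESOURCE = "arn:aws:s3:::EXAMPLE-BUCKET/*"
TAG_KEY = "s3:ExistingObjectTag/scan-status"

def deny_get(operator, value):
    """Build a Deny statement on s3:GetObject gated by the scan-status tag."""
    return {"Effect": "Deny", "Principal": "*", "Action": "s3:GetObject",
            "Resource": RESOURCE, "Condition": {operator: {TAG_KEY: value}}}

FAIL_OPEN = deny_get("StringEquals", "INFECTED")    # assumed starting policy
FAIL_CLOSED = deny_get("StringNotEquals", "CLEAN")  # condition from the issue

def condition_matches(statement, object_tags):
    """Apply IAM's rule for a single-valued key: a missing key makes a
    positive operator false and a negated operator true."""
    for operator, checks in statement["Condition"].items():
        for key, expected in checks.items():
            actual = object_tags.get(key.split("/", 1)[1])
            if operator == "StringEquals":
                ok = actual is not None and actual == expected
            elif operator == "StringNotEquals":
                ok = actual is None or actual != expected
            else:
                raise ValueError(f"operator not modelled: {operator}")
            if not ok:
                return False
    return True

def get_object_allowed(statement, object_tags):
    """GetObject succeeds only when the Deny statement does not apply."""
    return not condition_matches(statement, object_tags)

# Constructed object states: the first is an object the scanner never tagged.
OBJECT_STATES = {
    "untagged": {},
    "INFECTED": {"scan-status": "INFECTED"},
    "CLEAN": {"scan-status": "CLEAN"},
}

def access_matrix(statement):
    """Map each object state to whether GetObject would be allowed."""
    return {name: get_object_allowed(statement, tags)
            for name, tags in OBJECT_STATES.items()}

if __name__ == "__main__":
    print(json.dumps(FAIL_CLOSED, indent=2))
    for label, stmt in (("fail-open", FAIL_OPEN), ("fail-closed", FAIL_CLOSED)):
        print(label, access_matrix(stmt))
```

With the `StringNotEquals`/`CLEAN` statement, an object that was never scanned is denied, so a throttled scanner no longer leaves files readable. The matrix also shows why tag writes need restricting: the tag value alone decides which row an object falls in.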